Java:SQL_SELECT_ORDER 不应该是 "SELECT name, id, xyz FROM table ORDER BY %s %s",然后使用 String.format(SQL_SELECT_ORDER, orderby, order) 吗? SELECT name, id, xyz FROM
"SELECT name, id, xyz FROM table ORDER BY %s %s"
然后使用 String.format(SQL_SELECT_ORDER, orderby, order)。注意:这样拼入 SQL 文本的 orderby 和 order 不经过参数绑定,只能取自代码中固定的列名和 ASC/DESC,不能直接使用外部输入。
SELECT name, id, xyz FROM table ORDER BY ?
ps.setString(1, "xyz");
SELECT name, id, xyz FROM table ORDER BY 'xyz'
SELECT name, id, xyz FROM table ORDER BY 'xyz'
ps.setInteger(1, 3);
/**
 * Query template whose {@code %s} slot is filled by {@code String.format} in
 * {@code list(boolean)} below. The slot receives SQL text, not a bound value, so whatever is
 * formatted into it must come from constants in the code.
 */
private static final String SQL_SELECT_ORDER = "SELECT name, id, xyz FROM table ORDER BY %s";
...
/**
 * Builds the ordered SELECT for the requested direction (the rest of the method is elided here).
 *
 * @param ascending {@code true} selects the literal "ASC", {@code false} the literal "DESC"
 */
public List<Data> list(boolean ascending) {
// The boolean is mapped to one of two fixed keywords, so no caller-supplied string reaches the SQL text.
String order = ascending ? "ASC" : "DESC";
// NOTE(review): as written this formats to "... ORDER BY ASC" / "... ORDER BY DESC" with no sort
// column; the template presumably needs a column name before %s — confirm against the full source.
String sql = String.format(SQL_SELECT_ORDER, order);
...
/**
 * Query template whose {@code %s} slot is filled with the placeholder list produced in
 * {@code list(Set)} below, not with the id values themselves.
 */
private static final String SQL_SELECT_IN = "SELECT name, id, xyz FROM table WHERE id IN (%s)";
...
/**
 * Builds an IN query with one placeholder per id and hands the ids to
 * {@code DAOUtil.setValues} (the rest of the method is elided here).
 *
 * @param ids the ids to look up; only their count influences the SQL text
 */
public List<Data> list(Set<Long> ids) {
// Only ids.size() shapes the SQL string, so the statement text does not depend on the id values.
// NOTE(review): for an empty set this presumably yields "IN ()" — confirm generatePlaceHolders
// or the caller handles that case.
String placeHolders = generatePlaceHolders(ids.size()); // Should return "?,?,?..."
String sql = String.format(SQL_SELECT_IN, placeHolders);
...
// The ids are passed to the statement here; presumably DAOUtil.setValues binds one value per
// "?" placeholder — the helper is not shown, verify.
DAOUtil.setValues(preparedStatement, ids.toArray());
...
SELECT name, id, xyz FROM table ORDER BY 'xyz'
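/**
 * Reads all rows of {@code table}, sorted by the given column and direction.
 *
 * <p>JDBC placeholders bind values only. Binding the sort arguments with {@code setString}
 * produces {@code order by 'id' 'desc'}, i.e. quoted string literals rather than a column and a
 * keyword, so the ORDER BY clause cannot be parameterized. Both arguments are therefore validated
 * first and only then placed into the SQL text. The earlier approach of stripping the quotes from
 * the driver's {@code toString()} output and running the result through a plain
 * {@code Statement} put unvalidated text into the executed query and depended on a
 * driver-specific string format.
 *
 * @param order_field column to sort by; must be a plain identifier (letters, digits, underscore,
 *     not starting with a digit)
 * @param order_direction {@code "ASC"} or {@code "DESC"}, case-insensitive
 * @return the collected rows; empty while the row mapping below is still a placeholder
 * @throws IllegalArgumentException if either argument fails validation
 * @throws IllegalStateException if the database reports an error
 */
public List<Object> getAllTableWithOrder(String order_field, String order_direction) {
    // A plain-identifier check keeps quotes, whitespace, comments and statement separators out of
    // the SQL text. Where the sortable columns are known, an explicit allowlist of column names
    // is the stricter choice.
    if (order_field == null || !order_field.matches("[A-Za-z_][A-Za-z0-9_]*")) {
        throw new IllegalArgumentException("order_field is not a plain column identifier");
    }

    // Use our own keyword literal instead of echoing the caller's string into the query.
    final String direction;
    if ("ASC".equalsIgnoreCase(order_direction)) {
        direction = "ASC";
    } else if ("DESC".equalsIgnoreCase(order_direction)) {
        direction = "DESC";
    } else {
        throw new IllegalArgumentException("order_direction must be ASC or DESC");
    }

    String sql = "select * from table order by " + order_field + " " + direction;
    logger.info(sql);

    List<Object> rows = new java.util.ArrayList<>();
    // conn: obtain the connection here, as in the original snippet.
    // try-with-resources closes the statement and result set even when iteration fails.
    try (PreparedStatement ps = conn.prepareStatement(sql);
            ResultSet result = ps.executeQuery()) {
        while (result.next()) {
            // iteration: map the current row and add it to rows
        }
    } catch (java.sql.SQLException e) {
        throw new IllegalStateException("Ordered select on table failed", e);
    }
    return rows;
}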